I know that Android does not support automatic PAC file detection, and I also know that port 443 cannot be redirected. So this is what I have:
For example, assuming the squid-cache proxy port is 3128 (eth1 local, eth0 internet), the following iptables rules do not work for the list "macsphone.txt":
# read the MAC list (cat: the file is read, not executed) and add rules per MAC
for macsphone in $(cat /path_to/macsphone.txt); do
    # HTTP from this MAC goes to the local squid port
    iptables -t nat -A PREROUTING -i eth1 -m mac --mac-source $macsphone -p tcp --dport 80 -j REDIRECT --to-port 3128
    # let the redirected connection reach squid
    iptables -A INPUT -i eth1 -m mac --mac-source $macsphone -p tcp --dport 3128 -j ACCEPT
    iptables -A FORWARD -i eth1 -m mac --mac-source $macsphone -p tcp --dport 3128 -o eth0 -j ACCEPT
done
PS: the list "macsphone.txt" contains the MAC addresses of the Android smartphones.
Only these rules would work, where transparent port 8080 is opened on the squid proxy for HTTP, and 443 for HTTPS, which would not pass through the squid proxy:
# read the MAC list (cat: the file is read, not executed) and add rules per MAC
for macsphone in $(cat /path_to/macsphone.txt); do
    # HTTP from this MAC goes to the transparent squid port
    iptables -t nat -A PREROUTING -i eth1 -m mac --mac-source $macsphone -p tcp --dport 80 -j REDIRECT --to-port 8080
    # let the redirected connection reach squid
    iptables -A INPUT -i eth1 -m mac --mac-source $macsphone -p tcp --dport 8080 -j ACCEPT
    iptables -A FORWARD -i eth1 -m mac --mac-source $macsphone -p tcp --dport 8080 -o eth0 -j ACCEPT
    # HTTPS is forwarded directly, bypassing squid
    iptables -A FORWARD -i eth1 -m mac --mac-source $macsphone -p tcp --dport 443 -o eth0 -j ACCEPT
done
Is there any way to redirect the Android traffic to the squid proxy in non-transparent mode (for HTTP and HTTPS) without having to manually set the proxy (IP/port) on Android? (with iptables, some script similar to a PAC file, apache2, a QR code, or something else)
PS: DNS, NAT, MASQUERADE, etc. are open on my network:
# enable routing between eth1 and eth0
echo 1 > /proc/sys/net/ipv4/ip_forward
# masquerade everything leaving on eth0 (POSTROUTING does not accept -i, so only -o is given)
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# DNS to the router itself and DNS forwarded upstream
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -p udp --dport 53 -j ACCEPT
PS2: Please do not propose Pi-hole, Squid-in-the-middle SSL Bump, or similar.
0 Answers
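As an added example, not part of the original question or any answer to it, the script below builds the per-MAC rules from the second ruleset above (HTTP on 80 redirected to an intercepting Squid on 8080, HTTPS on 443 forwarded directly) out of a MAC list, validating every entry before a rule is generated. It prints the iptables commands instead of running them, so the result can be reviewed and then piped into a root shell. The interface names eth1/eth0 and port 8080 are taken from the question; the function names, the environment overrides and the sample MAC list are assumptions made for this example. The question's FORWARD rule for port 8080 is left out on purpose: a REDIRECTed connection is delivered to the local proxy through INPUT, so it never reaches FORWARD.

```shell
#!/bin/sh
# Added example, not part of the original post: build the per-MAC rules from
# the question (HTTP 80 -> intercepting Squid on 8080, HTTPS 443 forwarded
# directly) from a MAC list, validating every entry first.
# The rules are printed rather than applied; review them, then run as root:
#   sh build_rules.sh macsphone.txt | sh
# Assumed layout (as in the question): eth1 is the LAN side, eth0 the uplink.

LAN_IF=${LAN_IF:-eth1}
WAN_IF=${WAN_IF:-eth0}
PROXY_PORT=${PROXY_PORT:-8080}

# valid_mac MAC: succeed only for aa:bb:cc:dd:ee:ff (upper or lower case).
# iptables rejects a rule with a malformed --mac-source, and an unguarded
# loop would just carry on, leaving that phone with no rules at all.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$'
}

# rules_for_mac MAC: print the three rules for one phone.
# REDIRECT hands port-80 traffic to the local proxy, which then arrives on
# INPUT (not FORWARD); port 443 is forwarded unchanged to the uplink.
rules_for_mac() {
    printf '%s\n' \
        "iptables -t nat -A PREROUTING -i $LAN_IF -m mac --mac-source $1 -p tcp --dport 80 -j REDIRECT --to-port $PROXY_PORT" \
        "iptables -A INPUT -i $LAN_IF -m mac --mac-source $1 -p tcp --dport $PROXY_PORT -j ACCEPT" \
        "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -m mac --mac-source $1 -p tcp --dport 443 -j ACCEPT"
}

# build_rules FILE: print rules for every valid MAC in FILE, skipping blank
# lines and "#" comments; malformed entries are reported on stderr and
# skipped. Returns 0 when at least one MAC produced rules, 1 otherwise.
build_rules() {
    count=0
    while IFS= read -r line || [ -n "$line" ]; do
        mac=$(printf '%s' "$line" | sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -z "$mac" ] && continue
        if valid_mac "$mac"; then
            rules_for_mac "$mac"
            count=$((count + 1))
        else
            printf 'skipping malformed MAC: %s\n' "$mac" >&2
        fi
    done < "$1"
    [ "$count" -gt 0 ]
}

# count_valid_macs FILE: number of entries in FILE that would get rules.
count_valid_macs() {
    build_rules "$1" 2>/dev/null | grep -c -- '-t nat'
}

# Stand-alone run: use the file given as $1, or a constructed sample list
# (a stand-in for macsphone.txt) when no argument is supplied.
if [ -n "$1" ]; then
    build_rules "$1"
else
    SAMPLE_LIST=$(mktemp)
    cat > "$SAMPLE_LIST" <<'EOF'
# Android phones that should go through the intercepting proxy (constructed sample)
02:11:22:33:44:55
02:AA:BB:CC:DD:EE   # a second phone
not-a-mac           # malformed entry, reported on stderr and skipped
EOF
    build_rules "$SAMPLE_LIST"
    rm -f "$SAMPLE_LIST"
fi
```

Because the script only emits commands, it can be run unprivileged to check the generated ruleset (the malformed sample entry shows up as a warning on stderr, not as a broken rule), and the same output can be saved and compared against `iptables -t nat -S PREROUTING` after it has been applied. It reproduces the question's transparent setup only; HTTPS still bypasses the proxy, which is exactly the limitation the question asks about.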